Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Crisis Leadership: Five Principles for Managing the Unexpected

Domestic terrorism, cyberattacks, power outages, white collar crimes and other catastrophic events are just a few of the potential crises companies can face. While many companies have a crisis plan in place, they may not have actually tested their plans, or the plans may be inadequate. A Deloitte online poll of more than 2,000 C-suite executives, managers, analysts and crisis professionals from U.S. and international companies¹ found that a large percentage of respondents did not know what their biggest gap in crisis preparedness would be. Further, half of respondents were not sure whether the crisis response team had been tested.

Rhoda Woo

“It’s the unseen or unanticipated crises that are potentially the most dangerous,” says Rhoda Woo, a Deloitte Advisory managing director and leader of the U.S. Crisis Management practice at Deloitte & Touche LLP.

Crises can be divided into two types: routine and novel.² Routine events³ are the known risks for which organizations can plan and develop procedures. Examples include safety plans for manufacturers, recall plans for food companies and liquidity plans for financial institutions, as well as disaster recovery and security plans for companies across industries.

Mary Galligan

Novel crises are those risks that exhibit unusual frequency and impact. Organizations typically don’t have plans for such events. Novel crises may be a confluence of two or three events that strike at the same time. Or they may simply be too big or unusual to be imagined.

“In the absence of pre-determined procedures, novel crises—whether they be natural disasters, terror attacks, cyber breaches or malevolence such as shootings or inside sabotage and fraud—can test leadership’s decision-making and strategic-thinking abilities,” says Mary Galligan, a Deloitte Advisory director in the Cyber Risk Services practice at Deloitte & Touche LLP. Of these novel crises, terror attacks are garnering the most concern. When respondents to the online poll were asked which event their organizations were least prepared for, terror topped the list at 36.4%, followed by a cyber breach at 18.3%.

Five Operating Principles for Managing the Unexpected

A crisis puts to the test the decision-making skills of an organization’s management and employees. ”If you are too quick to make a decision, you might be basing the decision on incorrect or inadequate information; by the same token, waiting for the perfect set of data can lead to analysis paralysis and slow decision-making or no decisions being made at all,” says Ms. Woo. “During a crisis senior executives can find themselves overwhelmed by the vast amount of information and the whole information and communications environment,” she adds.

The following five operating principles can help executives manage the unexpected across different types of crises:

William Snyder

Lead decisively: The CEO may not always be the ideal choice to lead a response to an unexpected or unusual crisis as it could distract him or her from the day-to-day business and other important matters. In a crisis, other C-level executives, such as the chief operations officer, chief risk officer, chief legal officer in the case of a major legal challenge, can step forward to lend support, as can an outside crisis manager.

“Effective turnarounds are not made out of micro-incrementalism, but of very bold and decisive acts,” says William Snyder, a Deloitte Advisory principal and leader of the Corporate Restructuring Group at Deloitte Transactions and Business Analytics LLP. “However, it’s not uncommon to make mistakes, so it’s important to be flexible and back up, change course, adjust and go forward again,” he adds.

Continuously frame the crisis: Rather than holding fast to the first impression and analysis of the crisis, be flexible to embrace new information as it comes along. If new analysis suggests a remake of the original plan, remake the plan. “One of the most important things for any crisis leader is to identify what the crisis is and to constantly look at that identification every couple of hours, days and weeks because crises can change and they can become multiple events,” notes Ms. Galligan. “What you thought was unimportant yesterday can become extremely important tomorrow. In today’s age of social media and 24×7 press coverage, some things can become much more in a crisis than originally expected. So continually framing the crisis, having the ability to assess on a continuous basis, and having a process to do that is extremely effective in managing any crisis,” she adds.

Actively communicate: During a crisis, it’s important to constantly communicate up to lenders and owners, down to employees and vendors, and outside to the media and public. Control the message by designating a crisis manager to be the sole spokesperson and to be the source of honest, consistent information. It’s also critical to keep a record of the facts that the crisis manager knows at each point of the process in order to respond to potential lawsuits that may arise.It is extremely important to actively communicate up and down in an organization, as well as to customers, clients and employees. Honesty and transparency are critical.

Be ready for the unexpected: Under extreme pressure, the crisis manager should understand that individuals may act differently than during normal circumstances, and that the usual organizational roles may not apply during a crisis. “This can further add to the unpredictability of a critical event,” says Mr. Snyder. “To counteract that, any one manager should have limitations and should not be the only one to deal with a crisis. In advance, plot out when and how external parties might be brought in to help address the crisis.”

In addition, prepare to operate in a situation where there are no technology tools and/or information. “For example, the disaster plan of a company based on the East Coast had its employees work on laptops from home in the case of a natural disaster,” says Ms. Galligan. “To support this plan, data had been moved to a site on the West Coast. But then came Superstorm Sandy. “So now you had a company with its data on the West Coast but the human knowledge on the East Coast—without power. It was something that had not been expected,” she adds.

Drive toward actionable intelligence: In the midst of a crisis, leadership must often navigate confusing data and intelligence. It’s important, therefore, to cast a wide net, as crucial information can come from a range of sources, including customers and employees. But those sources must be qualified, as misinformation can be as prevalent as information. “It’s important to consider sources carefully,” notes Mr. Snyder. “Multiple view points from the right sources can provide more objective and actionable information,” he adds.

Manage the Crisis Lifecycle, not Just the Event

The timeliness and effectiveness of an organization’s response in a crisis often determines how it fares afterward. Front-loading a crisis management approach with a strong emphasis on readiness, preparation and follow-up can help organizations more effectively stay ahead of potential threats.

“The key operating principles apply across various sorts of crises. It doesn’t matter whether an organization is facing a cyber incident or a natural disaster or some kind of financial fraud,” notes Ms. Woo. “What’s important is to think of crisis management in terms of a cycle—moving from preparation to response to recovery and then around again—applying lessons learned from one stage to the plans and processes that support the other stages.”

“Crisis leadership also means having empathy for the people affected and having the ability to ask very pointed questions of the right people at the right time to quickly identify the issues,” notes Ms. Galligan.

Endnotes1. Poll conducted during a January 29, 2015, Deloitte Dbriefs webcast, “Crisis Leadership: Strategies for Effective Decision Making Amid Chaos.”2. Arnold M. Howitt and Herman B. Leonard, “Managing Crises: Responses to Large-Scale Emergencies,” CQ Press, February 11, 2009.3. In “Managing Crises: Responses to Large-Scale Emergencies,” some crisis situations are categorized “as routine emergencies, not because they are “easy” but because the predictability of the general type of situation permits agencies to prepare in advance and take advantage of lessons from prior experience—even when circumstances are quite severe.”

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.